I’m seeing weird cross-app leakage for AsyncStorage and SecureStorage, which I thought was impossible. Here’s the setup:
- I have built two standalone builds of my app from the same sourcecode.
- One is published to appstoresconnect under ‘com.company.app’ and the other under ‘com.company.app.beta’.
- I have both installed on my physical iOS device.
- When I log in to ‘com.company.app’, which is pointed at our production instance, it works.
- Then, when I open ‘com.company.app.beta’, which is pointed at our staging instance, I get 403 responses because I’m trying to use production creds to authenticate against staging.
- When I then log out of ‘com.company.app.beta’ (which I never intentionally logged in to), I can log in and it works.
- When I re-open ‘com.company.app’ I am now logged out.
I’m using the same asyncstorage/securestorage keys for com.company.app and com.company.app.beta, and I’m not trying to do anything crazy here. I’m very confident that both apps are observing the same AsyncStorage/SecureStorage.
Has anyone experienced this issue? I’m deeply confused because I was under the impression that apps with different bundle identifiers had different sandboxes.